OpenDNS - a disappointment

Last week I decided to give OpenDNS a shot. It seemed like a good alternative to my ISP's DNS server (not that my service provider has proved itself untrustworthy on that score, but I decided to be safe rather than sorry).

Specifically, what I wanted to avoid was a scenario that has played out far too often among ISPs, called DNS Hijacking.

Particularly the more infamous providers (including Comcast and Verizon) have made bad headlines in the past few years for doing this. It goes like this:

When your computer looks up a domain like "invalid.asdfghjklomnbv.tld", the DNS server is supposed to return a clear signal that the lookup failed, called "NXDOMAIN". That lets the client decide what to do next - maybe try another nameserver, maybe redirect to Google, maybe display an error message or log a failed connection attempt. The beauty of this is that NXDOMAIN is part of the DNS protocol and therefore independent of what kind of service you are actually trying to reach. It might be an IRC, SMTP, web or news server; whatever the client is, it knows what to do when a lookup fails.

The DNS server doesn't actually have to do that, of course. As in all other matters, you have to trust it to give you accurate information.

What some ISPs have realized is that they can drive massive traffic to advertisers by hijacking their customers' failed domain lookups. In effect, that means you never get a normal "domain does not exist" message. Instead, the DNS server lies to you and says the domain resolves to its very own ad server. You connect to that server and get a page of vaguely related search results. It's annoying, it's a violation of the DNS protocol, it breaks non-web clients, and it is one of the things I hoped to avoid with an alternative DNS service.
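The difference between an honest NXDOMAIN and a hijacked lookup is visible in the raw DNS reply: the honest resolver sets RCODE 3 and returns no answer records, while the hijacking resolver sets RCODE 0 and returns an A record for its own ad server. The following script is an added example (not part of the original post) that builds an A query with the standard library, parses the reply, and classifies it. The two sample replies are constructed test fixtures, not captured traffic; the address 192.0.2.1 is a documentation-range placeholder standing in for whatever ad server a hijacking resolver would return. `check_resolver` sends a real query and is the piece you would run against a resolver you are evaluating.

```python
import random
import socket
import struct

NXDOMAIN = 3  # RCODE value meaning "name does not exist" (RFC 1035)


def build_query(name, qid=None):
    """Build a minimal recursive DNS A query for `name` (standard library only)."""
    if qid is None:
        qid = random.randint(0, 0xFFFF)
    # flags 0x0100: RD=1 (recursion desired); one question, no other sections
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels)
    return header + qname + b"\x00" + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN


def _skip_name(msg, off):
    """Return the offset just past a (possibly compressed) domain name."""
    while True:
        length = msg[off]
        if length == 0:
            return off + 1
        if length & 0xC0 == 0xC0:  # two-byte compression pointer
            return off + 2
        off += 1 + length


def parse_response(msg):
    """Return (rcode, list of IPv4 strings from A records) for a raw DNS reply."""
    qid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    rcode = flags & 0x000F
    off = 12
    for _ in range(qd):  # skip the echoed question(s)
        off = _skip_name(msg, off) + 4
    addrs = []
    for _ in range(an):
        off = _skip_name(msg, off)
        rtype, rclass, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if rtype == 1 and rdlen == 4:  # A record
            addrs.append(".".join(str(b) for b in msg[off:off + 4]))
        off += rdlen
    return rcode, addrs


def classify(msg):
    """Label a reply to a query for a name that must not exist."""
    rcode, addrs = parse_response(msg)
    if rcode == NXDOMAIN and not addrs:
        return "honest NXDOMAIN"
    if rcode == 0 and addrs:
        return "hijacked: resolved to " + ", ".join(addrs)
    return "unexpected: rcode=%d addrs=%s" % (rcode, addrs)


def constructed_response(query, rcode, answer_ip=None):
    """Constructed sample reply to `query` (a test fixture, not captured traffic)."""
    qid = struct.unpack("!H", query[:2])[0]
    question = query[12:]
    ancount = 1 if answer_ip else 0
    flags = 0x8180 | rcode  # QR=1, RD=1, RA=1 plus the chosen RCODE
    msg = struct.pack("!HHHHHH", qid, flags, 1, ancount, 0, 0) + question
    if answer_ip:
        # answer name is a pointer to the question name at offset 12
        msg += b"\xC0\x0C" + struct.pack("!HHIH", 1, 1, 60, 4) + socket.inet_aton(answer_ip)
    return msg


def check_resolver(resolver_ip, name="invalid.asdfghjklomnbv.tld", timeout=3.0):
    """Send a live UDP query to `resolver_ip` and classify the reply (needs network)."""
    q = build_query(name)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(q, (resolver_ip, 53))
        data, _ = s.recvfrom(4096)
    if data[:2] != q[:2]:
        raise ValueError("transaction ID mismatch")
    return classify(data)


if __name__ == "__main__":
    q = build_query("invalid.asdfghjklomnbv.tld", qid=0x1234)
    print(classify(constructed_response(q, NXDOMAIN)))         # honest NXDOMAIN
    print(classify(constructed_response(q, 0, "192.0.2.1")))   # hijacked: resolved to 192.0.2.1
```

Run `check_resolver("<resolver IP>")` against any resolver you are considering; a random label under a nonexistent TLD is the cleanest probe, because a hijacking resolver has no legitimate answer for it and any A record it returns is its own.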

Imagine my chagrin when I entered a non-existent domain while using OpenDNS, and saw this.

[Image: http://stuff.ermarian.net/aranca...]

What is worse, if I connect to a mail or IRC server whose name doesn't resolve, I'm stuck waiting while my client tries to connect to port 6667 or 25 on the OpenDNS server, which times out.

Long story short, I'm using OpenNIC instead now, and it works like a charm. Amazingly, they have also managed to restrain themselves from trying to hijack my domain lookups. Moral: Not everything that has "Open" in the name is actually useful or reliable (though that was probably clear since the farce Microsoft made of the International Standards Organization with Office Open XML).

Yeah, every time DNS hijacking is brought up in places like Slashdot, someone recommends OpenDNS, unaware that it considers hijacking a feature.

It does get worse - I don't know if it's my DNS or some inane Firefox option, but whenever I type a single word into the awesome bar, it performs something like an "I'm feeling lucky" search.

1. Type in a keyword.
2. Miss hitting Down to select something from my history.
3. Press Enter.
4. Get a porn site at work.
5. ???
6. Don't profit.
